author | Peter Jones <pjones@redhat.com> | 2006-08-22 20:17:49 +0000 |
---|---|---|
committer | Peter Jones <pjones@redhat.com> | 2006-08-22 20:17:49 +0000 |
commit | 359c4c2b29d4be0c3456d92ca908da0bc0497089 (patch) | |
tree | d0db7a3b56efb5e7abb8f3d741f5bc2eac38754c /isys/auditd.c | |
parent | 1b7cfd62f906f882c9ebe84822643298c883220b (diff) | |
- add a simple audit daemon
Diffstat (limited to 'isys/auditd.c')
-rw-r--r-- | isys/auditd.c | 133 |
1 files changed, 133 insertions, 0 deletions
diff --git a/isys/auditd.c b/isys/auditd.c
new file mode 100644
index 000000000..b4a203870
--- /dev/null
+++ b/isys/auditd.c
@@ -0,0 +1,133 @@
+/*
+ * auditd.c
+ *
+ * This is a simple audit daemon that throws all messages away.
+ *
+ * Peter Jones <pjones@redhat.com>
+ *
+ * Copyright 2006 Red Hat, Inc.
+ *
+ * This software may be freely redistributed under the terms of the GNU
+ * General Public License, version 2.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#define _GNU_SOURCE 1
+
+#include <sys/types.h>
+#include <sys/syscall.h>
+#include <sys/poll.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include <libaudit.h>
+
+#include "auditd.h"
+
+#ifdef USESELINUX
+static int done;
+
+static void sig_done(int sig)
+{
+ done = 1;
+}
+
+static void do_auditd(int fd) {
+ struct auditd_reply_list *rep = NULL;
+ sigset_t sigs;
+ struct sigaction sa;
+ struct pollfd pds = {
+ .events = POLLIN | POLLPRI | POLLERR | POLLHUP | POLLMSG,
+ .revents = 0,
+ .fd = fd,
+ };
+
+ if (audit_set_pid(fd, getpid(), WAIT_YES) < 0)
+ return;
+
+ if (audit_set_enabled(fd, 1) < 0)
+ return;
+
+ memset(&sa, '\0', sizeof (sa));
+ sa.sa_handler = sig_done;
+ sigaction(SIGTERM, &sa, NULL);
+ sigaction(SIGINT, &sa, NULL);
+ sigaction(SIGHUP, &sa, NULL);
+
+ sigfillset(&sigs);
+ sigdelset(&sigs, SIGTERM);
+ sigdelset(&sigs, SIGINT);
+ sigdelset(&sigs, SIGHUP);
+
+ while (1) {
+ struct timespec timeout = { -1, -1 };
+ int retval;
+
+ if (rep == NULL) {
+ if (!(rep = calloc(1, sizeof (*rep))))
+ return;
+ }
+
+ do {
+ retval = ppoll(&pds, 1, &timeout, &sigs);
+ } while (retval == -1 && errno == EINTR && !done);
+
+ if (done)
+ break;
+
+ if (audit_get_reply(fd, &rep->reply, GET_REPLY_NONBLOCKING, 0) > 0) {
+ /* we don't actually want to do anything here. */
+ ;
+ }
+ }
+ return;
+}
+#endif /* USESELINUX */
+
+int audit_daemonize(void) {
+#ifdef USESELINUX
+ int fd;
+#ifndef STANDALONE
+ int i;
+ pid_t child;
+
+ if ((child = fork()) > 0)
+ return 0;
+
+ for (i = 0; i < getdtablesize(); i++)
+ close(i);
+
+ setsid();
+ signal(SIGTTOU, SIG_IGN);
+ signal(SIGTTIN, SIG_IGN);
+ signal(SIGTSTP, SIG_IGN);
+
+ if ((fd = open("/proc/self/oom_adj", O_RDWR)) >= 0) {
+ i = write(fd, "-17", 3);
+ close(fd);
+ }
+
+#endif /* !defined(STANDALONE) */
+ fd = audit_open();
+ do_auditd(fd);
+ audit_close(fd);
+#endif /* USESELINUX */
+ return 0;
+}
+
+#ifdef STANDALONE
+int main(void) {
+ return audit_daemonize();
+}
+#endif /* STANDALONE */
+
+/*
+ * vim:ts=8:sw=4:sts=4:et
+ */ |
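Review bot: A failed `fork()` is treated like the child in audit_daemonize: `if ((child = fork()) > 0) return 0;` lets a return of -1 fall through, so the calling process would close every one of its own descriptors and run the audit loop itself; add `if (child < 0) return -1;` before the descriptor-closing loop. The child also reaches the final `return 0;` once do_auditd() returns, which hands control back to the caller's code in a second process with its descriptors closed, so the non-STANDALONE path should end with `_exit(0);` after `audit_close(fd);`. The result of `audit_open()` is passed on without a check for a negative value, and `done` is written from the signal handler, so it should be declared `static volatile sig_atomic_t done;`. In do_auditd the `{ -1, -1 }` timespec is not a valid ppoll() timeout, and on kernels that reject it with EINVAL the `while (1)` loop would presumably spin instead of blocking; passing `NULL` as the timeout waits indefinitely.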